By Torben B. Sørensen, 29/09/17
Cisco has closed a number of serious security vulnerabilities in IOS and IOS XE.
Several vulnerabilities in Cisco's IOS and IOS XE operating systems let attackers take control of the systems that run them. Other vulnerabilities make it possible to take the system out of service.
Among the vulnerabilities is a flaw in a REST API that makes it possible to bypass the authentication system and gain access to the web administration interface.
Cisco has released updates that close the security holes.
Recommendation
Update to a fixed version.
Links
- IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
- IOS XE Software Web UI Privilege Escalation Vulnerability
- IOS XE Software Web UI REST API Authentication Bypass Vulnerability
- IOS XE Software for Cisco ASR 1000 Series and cBR-8 Routers Line Card Console Access Vulnerability
- IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerabilities
- IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
- IOS XE Wireless Controller Manager Denial-of-Service Vulnerability
- IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability
- IOS Software Network Address Translation Denial-of-Service Vulnerability
- IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability
- IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability
- IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
- IOS Software for Cisco Integrated Services Routers Generation 2 Denial-of-Service Vulnerability
- IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
- Critical IOS Flaws Expose Cisco Devices to Remote Attacks, article from SecurityWeek